Merge ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability into ~canonical-launchpad-branches/turnip/+git/dependencies:master
Proposed by
Simone Pelosi
| Status: | Merged |
|---|---|
| Approved by: | Simone Pelosi |
| Approved revision: | b57ddda3727bb7a92169c368c0f6ba283dc72cd6 |
| Merge reported by: | Otto Co-Pilot |
| Merged at revision: | not available |
| Proposed branch: | ~pelpsi/turnip/+git/dependencies:gunicorn-upgrade-HTTP-request-smuggling-vulnerability |
| Merge into: | ~canonical-launchpad-branches/turnip/+git/dependencies:master |
| Diff against target: |
4 lines (+0/-0) 0 files modified
|
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Guruprasad | Approve | ||
|
Review via email:
|
|||
Commit message
Upgraded gunicorn to fix HTTP request smuggling vulnerability
A penetration test found that our gunicorn version is vulnerable, version 20.1.0 should be safe.
To post a comment you must log in.
Revision history for this message
| Simone Pelosi (pelpsi) wrote | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
LGTM 👍🏼 But, afaik, we have a process of not removing the existing version when adding a newer version and the older version removed later separately when the older version is not used anywhere.